All states and territories, except South Australia and Western Australia, have enacted specific information privacy legislation that regulates how certain public and private sector organisations collect, handle and store personal information about individuals. (The Western Australian Government is currently considering whole-of-government privacy and responsible information sharing legislation.) Some jurisdictions, including Victoria, give health information specific or additional legislative protection.
Victoria, the Australian Capital Territory and Queensland have human rights legislation that recognises the broader right to privacy under the United Nations International Covenant on Civil and Political Rights (1966) and requires public sector organisations to act in a way that is compatible with privacy and other human rights.
For Australian organisations that sell to overseas markets, it is common to find commitments in website privacy policies about compliance with the General Data Protection Regulation (GDPR) or other overseas privacy law. However, although some overseas privacy laws, like the GDPR, can impose some obligations on Australian companies, they do not give enforceable privacy protection under those overseas laws for people in Australia. Instead, people in Australia should look to local laws to enforce their privacy rights.